1. Technical Field
The present invention relates generally to computer systems and more specifically to password security features of computer systems. Still more particularly, the present invention relates to enabling secure access to computer systems when power-up passwords are lost or forgotten.
2. Description of the Related Art
Computer systems that are operated within an administered network are often provided boot-up security password(s) to prevent access by persons other than the authorized user(s) and/or the administrator. The user-password is typically selected by the user during system setup, and this user-password is stored within a non-volatile memory component of the computer system. Entry of the user-password is required for the boot process initiated by the basic input/output system (BIOS) once the computer system has been powered-on or awakened from hibernation.
With traditional computer systems, passwords were typically stored in battery-backed CMOS RAM. Before users were allowed to access the computer system, they were required to enter a password. When a password is entered, the computer's boot-up routine compares the entered password to the password stored in CMOS RAM and, if the two passwords match, the user is allowed access to the computer system.
Limitations exist in the use of CMOS RAM to store passwords. For example, if a computer system is stolen, the security afforded by passwords stored in battery-backed CMOS RAM may be bypassed. An unauthorized user may open the box and remove the CMOS RAM battery in order to gain access to the system. When the CMOS RAM battery is removed, the storage area of the password is cleared (wiped out). Then, when the CMOS RAM battery is reinstalled, the system powers up without a password, allowing an unauthorized user to access the computer system.
Thus, to avoid such breaches in password security, conventional computer systems are designed with the passwords stored in non-volatile memory. When stored in non-volatile memory, the password cannot be bypassed by removing the CMOS RAM battery. However, even this method has built-in limitations, as there is no way for a legitimate user who loses or forgets his/her password to access the computer system without using the administrative password. Occasionally, with both small and large networks, the administrator is unavailable at the time the user requires assistance with accessing the computer. Also, it is quite common for the administrator to have to provide the user with the administrative password to enable the user to override the request for the user password. This reduces or eliminates the efficiency of the administrator password.
In some network computer systems associated with a network/corporate framework that prevents unauthorized users from accessing certain local system and network features of the computer, administrative security features are placed on the machine by a system administrator. The administrator configures the computer system with a master/administrative password. The user is then given access to the computer and the opportunity to establish his/her own user password. In some instances, more than one user password is required (e.g., one to gain access to the computer system and another to gain access to the hard file of the computer system).
Complex passwords are often difficult to remember. Even with simple passwords, however, it is not uncommon for the user to forget his/her boot-up password. Since the computer system cannot be accessed without entry of a correct password, the user is then forced to seek administrative assistance to access the computer system.
For most systems, administrative assistance is provided to the user via a known/available telephone number of the administration center (server and personnel). In some situations, a help center is provided to assist the user of the computer system with any problems encountered when operating the computer system, including boot-up password assistance.
One of the more common help center (administration) calls is from users who forget their Power on Passwords or hardfile passwords. The most common model for addressing this problem by remote administration is for an administrator to tell the user over the phone the administrative (“admin”) or hardfile master passwords. However, giving the administrative password to each user who calls in breaks the security model for administrative passwords, and thus proves to be ineffective across a network environment. A new administrative password would have to be set each time someone forgets his/her user password.
The present invention realizes that it would be desirable to have a method to securely recover a system without compromising other systems and/or administrative passwords in the network. A method and system that provides legitimate users with access to their computer system if they have forgotten or lost their password without compromising the administrative passwords would be a welcome improvement. These and other benefits are provided by the disclosed invention.